Last year CBS live streamed 63 games of the March Madness college basketball tournament for the first time. Since the games happened mid-day on weekdays, basketball fans across the U.S. watched them at work – a headache both for network admins working hard to keep their networks zipping along, and for management accountable for lost productivity. (A study referenced in this article estimates $1.2 Billion in lost productivity is caused by the tourney.)

This year will no doubt be more of the same. When the 2009 tournament starts one week from today, more than 7 million people are expected to tune in, eating your bandwidth and slowing your network down. The good news is you can easily block the sites that live stream the games with OpenDNS. Then, if you so choose, unblock them when the tournament’s over.

Just log into your account, and go the Settings tab. On the Content Filtering page, scroll down to the bottom and add to your “always block” list.

  • Andrew

    Great Post Allison :)

  • arnieziffel

    Woo Hoo!! March Madness!..It’s only once a year, deal with it sports haters. :@P

  • Andrew

    Another workaround that has been popping up in the user space is changing their local dns to an internet DNS, like to avoid the OpenDNS block. You can be sure that your Firewalls only allow DNS traffic to OpenDNS to prevent this from happening.

  • Toretto


    that’s exactly how we’re going to “prevent” users from using the DNS server of our ISP. We’re using an ISA server, which allows me to block DNS requests; with the exception of opendns’s DNS Servers.

  • Drew

    As soon as MSU loses our bandwidth should go back to normal.
    Nobody here can change their DNS settings because of group policies so I should add the block to aggravate my users and make them get back to work!
    Thanks for the post Allison!

  • Daniel

    Andrew: We have had only one employee do that. He was immediately fired. Once the rest of the crew saw that we meant business, we had no further problems. That sort of behavior should be dealt with harshly.

  • paul

    how does that work, changing the local dns?
    can my kids do that at home?

  • Zane

    Really he was fired for watching basketball…seems a little harsh dontcha think.

  • Robert

    Yes paul they can do that. All you have to do is look at the network adapters tcp/ip setup and check the box to define DNS servers and type them in. Though this would require them to know them to start with

  • Patrick

    Paul – You can change the local dns settings under network connections (start ->control panel -> network connections). You’d right click your active network adaptor and go to properties. From there you’d hightlight tcp/ip properties and click properties again. There you can specify dns IPs.

    You can lock that down by applying a local policy that only your administrator account can change (make sure your local admin account has a password they do not know).

  • Jason

    Hey Paul. Yes, your kids could possibly do this at home. OpenDNS filtering works by pointing a client to OpenDNS DNS servers for name resolution. If a user on the client manually edits the DNS servers to something other than OpenDNS then the filtering is circumvented.

    Changing your DNS servers is a very simple thing to do on most clients. The solution would be to secure a client so that users are unable to change the DNS server and/or prevent DNS traffic from your network to any servers on the outside other than the OpenDNS servers.

  • Peter


    Your kids can only change DNS settings on the home PC if their accounts have the rights to change DNS. I believe that only administrators can do this on Windows boxes (but maybe power users? I forget.) If you are using Windows or MacOS at home, just create an account for yourself that is an administrator account, with a password, and accounts for your kids which are user accounts.

    Many of the things people would like to be able to game go away if they don’t have administrator rights on their systems. This is also helpful in a business environment, as it makes unapproved software a lot harder to use.


  • Alex

    In windows that “wishful” thinking to set up accounts as users only. Do you know how many programs will just not run unless the windows system is in admin mode. The list is long….

    If you want a home user not to be able to change settings in a home environment set up your DNS then get TweakUI (from MS) and in one of the selection you can hide things you dont want users to see. If they cant get to the network settings because the button isnt even on their screen then they cant change it. When you install TweakUI you install it for you only (a choice during install about current user vs all users) then when you need you go in and unhide the selections change what you need and then rehide them. Just make sure they dont know the password to your user id.

    In a work enviroment (larger than the home office people), you should have someone who can set up group policies to keep people from doing what you dont want them to. In both cases you keep windows in admin mode so that programs work properly.

    That is my 2 cents

  • Michael

    Yes, you can try and modify the dns settings on the machine’s control panel > network adapters. But if any smart system admin set up the network, those settings will have no effect…

    What am I talking about? HINT: it’s in the administrative tools section.

  • Michael

    actually, scratch that… it’s gpedit.msc…

    look in the administrative templates in computer configuration.

    the setting there overrides the settings in the network adapters’ properties box.

  • Daniel

    Sorry to leave this message so late, I’ve been busy. But no, our guy was not fired for watching ball games, he was bypassing the old DNS filter we used to use to look at porn. We fired him for bypassing our technical measures.

    I am not paid to babysit my co-workers. I am paid to manage the network. I do as I am asked by Management and take reasonable precautions against network abuse, but if you are going to circumvent my measures you obviously don’t want to be here, so there is no point in keeping you.

    If you want to play games on the internet, do so at home. This is harsh, but times are hard. We need people who are willing to work.

  • kabin

    In a work enviroment (larger than the home office people), you should have someone who can set up group policies to keep people from doing what you dont want them to.

  • Ian

    to solve this, you can set the DNS over your Routers setting… if i’m not mistaken its the routers DNS setting that prevails

  • steven

    It’s not such a big deal to have my people be able to listen/watch to the games at work. In our workspace it doesn’t hinder work at all, in fact, it helps keep moral boosted! And for those here who are unable to see or hear the games, we can keep them informed of what’s going on.